log2timeline / l2tscaffolder

Scaffolders for bootstrapping development of open source forensics tools.
http://l2tscaffolder.readthedocs.io/
Apache License 2.0

ImportError: cannot import name 'eventdata' from 'plaso.lib' #84

Open studiawan opened 2 years ago

studiawan commented 2 years ago

**Describe the bug**

I developed an SQLite plugin using l2tscaffolder. The scaffolder successfully built the plugin. After that, I rebuilt plaso and got the error `ImportError: cannot import name 'eventdata' from 'plaso.lib'`.

**To Reproduce**

Steps to reproduce the behavior:

  1. What definition was selected

```
$ l2t_scaffolder.py
== Starting the scaffolder ==
Gathering required information.

Available definitions:
[0] plaso
[1] timesketch
[2] turbinia
Definition choice: 0
plaso chosen.

Path to the project root: /home/parallels/git/plaso
Path [/home/parallels/git/plaso] set as the project path.

Name of the module to be generated. This can be something like "foobar sqlite" or "event analytics".

This will be used for class name generation and file name prefixes.
Module Name: iOS Accounts
About to create a new feature branch to store newly generated code.
ERROR:root:Running: "git show-ref --verify --quiet refs/heads/"ios_accounts"" failed with error: .
Creating feature branch: ios_accounts inside /home/parallels/git/plaso
Switching to feature branch ios_accounts

Available scaffolders for plaso:
[0] sqlite
Scaffolder choice: 0

Define the name of the callback function (key) that will be called for every row returned from the SQL query (value).
The plugin will execute the SQL query and call the callback
once for each resulting row. The name of the function should
follow style guide and be descriptive. An example of that is
a SQL statement that fetches bookmarks, the key name should be
Bookmark, or if the SQL statement collects GPS coordinates
it could be called Location.
Callback function name [#1]: User
SQL Statement [#1]: select zdate, zaccounttypedescription, zusername, zaccountdescription, zaccount.zidentifier, zaccount.zowningbundleid from zaccount, zaccounttype where zaccounttype.z_pk=zaccount.zaccounttype
More entries? [Y/n]: n

List of required tables
Value to add [#1]: zaccount
Add more values? [Y/n]: Y
Value to add [#2]: zaccounttype
Add more values? [Y/n]: n

Absolute or relative path to the file that will be used for tests.
Value: /home/parallels/Desktop/Accounts3.sqlite
Ready to generate files? [Y/n]: Y
File: /home/parallels/git/plaso/test_data/Accounts3.sqlite written to disk.
File: /home/parallels/git/plaso/plaso/parsers/sqlite_plugins/ios_accounts.py written to disk.
File: /home/parallels/git/plaso/tests/parsers/sqlite_plugins/ios_accounts.py written to disk.
File: /home/parallels/git/plaso/plaso/formatters/ios_accounts.py written to disk.
File: /home/parallels/git/plaso/tests/formatters/ios_accounts.py written to disk.
File: /home/parallels/git/plaso/plaso/formatters/__init__.py written to disk.
File: /home/parallels/git/plaso/plaso/parsers/sqlite_plugins/__init__.py written to disk.
```


**Error message, or output that was unexpected**

After the scaffolder finished the plugin, I rebuilt plaso using the command `python3 setup.py build && python3 setup.py install`. Then, I ran psteal.py to build a timeline from an SQLite file given for the test. I got the error messages below.

```
  File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/pkg_resources/__init__.py", line 656, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1453, in run_script
    exec(code, namespace, namespace)
  File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/plaso-20220501-py3.9.egg/EGG-INFO/scripts/psteal.py", line 21, in <module>
    from plaso.cli import psteal_tool
  File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/plaso-20220501-py3.9.egg/plaso/cli/psteal_tool.py", line 11, in <module>
    from plaso.cli import extraction_tool
  File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/plaso-20220501-py3.9.egg/plaso/cli/extraction_tool.py", line 18, in <module>
    from plaso import parsers # pylint: disable=unused-import
  File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/plaso-20220501-py3.9.egg/plaso/parsers/__init__.py", line 83, in <module>
    from plaso.parsers import sqlite_plugins
  File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/plaso-20220501-py3.9.egg/plaso/parsers/sqlite_plugins/__init__.py", line 20, in <module>
    from plaso.parsers.sqlite_plugins import ios_accounts
  File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/plaso-20220501-py3.9.egg/plaso/parsers/sqlite_plugins/ios_accounts.py", line 13, in <module>
    from plaso.lib import eventdata
ImportError: cannot import name 'eventdata' from 'plaso.lib' (/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/plaso-20220501-py3.9.egg/plaso/lib/__init__.py)
```



**Expected behavior**

plaso should successfully parse the given SQLite file.

**Desktop (please complete the following information):**
 - OS: Kali Linux 
 - Version: 2021.3 arm64

**l2tscaffolder Version**

l2tscaffolder 20200511. 
I installed l2tscaffolder from source.

**Possible solution**

`eventdata` is not in `plaso.lib` anymore. If I am not mistaken, it has been moved to `plaso.containers`. I need to dig deeper into the plaso code base. I will submit a fix for this issue. I am working on this now. We need to fix the jinja template as well.
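
A static pre-install check for the failure reported above, as an added example that is not part of the original issue or of l2tscaffolder: it parses a generated file with `ast` and reports every `from plaso... import name` whose target is missing from the checkout, without importing or executing anything. The function names and the temporary stand-in tree are assumptions made for illustration.

```python
import ast
import tempfile
from pathlib import Path


def top_level_names(path: Path) -> set:
    """Names bound at module top level, read without importing the module."""
    names = set()
    for node in ast.parse(path.read_text()).body:
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            names.add(node.name)
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            names.update((a.asname or a.name).split(".")[0] for a in node.names)
        elif isinstance(node, ast.Assign):
            names.update(t.id for t in node.targets if isinstance(t, ast.Name))
    return names


def stale_imports(source: str, root: Path, package: str) -> list:
    """Return (line, module, name) for each `from package... import name`
    whose target is neither a submodule on disk nor a top-level name."""
    stale = []
    for node in ast.walk(ast.parse(source)):
        if (not isinstance(node, ast.ImportFrom) or node.level
                or (node.module or "").split(".")[0] != package):
            continue  # only absolute imports from the project itself are checked
        mod = root.joinpath(*node.module.split("."))
        defining = [p for p in (mod / "__init__.py", mod.with_suffix(".py")) if p.is_file()]
        for name in (a.name for a in node.names):
            on_disk = (mod / f"{name}.py").is_file() or (mod / name / "__init__.py").is_file()
            if not on_disk and not any(name in top_level_names(p) for p in defining):
                stale.append((node.lineno, node.module, name))
    return stale


def demo() -> list:
    """Run the check on a constructed stand-in tree (not the real plaso layout)."""
    generated = "from plaso.lib import errors\nfrom plaso.lib import eventdata\n"
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp, "plaso", "lib")
        lib.mkdir(parents=True)
        (lib.parent / "__init__.py").write_text("")
        (lib / "__init__.py").write_text("")
        (lib / "errors.py").write_text("class ParseError(Exception):\n  pass\n")
        return stale_imports(generated, Path(tmp), "plaso")


if __name__ == "__main__":
    for line, module, name in demo():
        print(f"line {line}: cannot resolve '{name}' from '{module}'")
```

Pointing `root` at the real project checkout and `source` at each file the scaffolder wrote gives the same report before `setup.py install` is run.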